Details
- Type: Bug
- Status: Open
- Priority: Major
- Resolution: Unresolved
- Affects Version/s: 4.7.16
- Fix Version/s: None
- Component/s: CiviContribute, CiviCRM API, Core CiviCRM
- Labels: None
- Versioning Impact: Patch (backwards-compatible bug fixes)
- Documentation Required?: None
- Funding Source: Needs Funding
- Verified?: No
Description
The purpose of the 'Financial ACL' feature in 4.7 is to hide contributions of certain financial types from back-end users. As CiviCRM Core is starting to use the API internally, this creates issues in the implementation of this functionality.
In order to achieve the Financial ACL feature, 4 new permissions have been defined for every financial type: Add, View, Edit and Delete Contributions of type XXX. If a given role is not to be allowed to view contributions of a given financial type, then the View permission for that financial type is unchecked for the role.
However, the Contribution BAO internally uses API calls in many of its functions, and these functions are used by all CiviContribute components, including the contribution pages code.
As a result:
- the 'View Contributions of type XXX' permission must be granted to the anonymous user for the contribution pages to work, which seems very dangerous
- the same 'View Contributions of type XXX' permission must NOT be granted to users of a restricted role in order to implement the financial ACLs, but this prevents them from making such contributions through a donation page
- as the use of the API expands in Core, we can easily imagine a change that will affect the ability of any role restricted by financial ACLs to enter contributions in the back-end
Identified in CRM_Core_Contribution_BAO::calculateMissingAmountParams(), but also present in other Contribution BAO functions.
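The mechanism described above, as an added illustration (a hypothetical PHP model written for this page, not CiviCRM's code): a per-financial-type View ACL enforced inside a shared API function is also applied to internal, system-initiated calls, so the current user's permissions decide whether the donation page can record a contribution. The hardened shape lets the caller declare whether the call is user-facing (ACL enforced) or internal (ACL enforced at the user-facing boundary instead). All class and function names here are hypothetical; the sample roles and permission names are constructed.

```php
<?php
// Hypothetical model of the ticket's problem, not CiviCRM code (PHP 8.1+).

final class Role
{
    /** @param string[] $perms granted permission names */
    public function __construct(public readonly string $name, private array $perms) {}

    public function has(string $perm): bool
    {
        return in_array($perm, $this->perms, true);
    }
}

// Constructed sample roles: the anonymous visitor of a donation page, and a
// back-office role meant to see "Donation" but not "Major Gift" records.
function sampleRoles(): array
{
    return [
        'anonymous'  => new Role('anonymous', ['make online contributions']),
        'restricted' => new Role('restricted', [
            'access CiviContribute',
            'add contributions of type Donation',
            'view contributions of type Donation',
        ]),
    ];
}

// Problematic shape: the financial-type ACL is checked inside the shared API
// function against the current user, for every caller.
function apiFinancialTypeGetNaive(Role $caller, string $type): array
{
    if (!$caller->has("view contributions of type $type")) {
        throw new RuntimeException("{$caller->name}: no view permission for type $type");
    }
    return ['name' => $type]; // constructed lookup result
}

// Internal helper (stand-in for the BAO function named in the ticket): it only
// needs the financial type to fill defaults, but inherits the ACL check.
function fillMissingAmountParamsNaive(Role $caller, array $params): array
{
    apiFinancialTypeGetNaive($caller, $params['financial_type']); // throws for anonymous
    $params['total_amount'] ??= $params['net_amount'];
    return $params;
}

// Hardened shape: the caller states whether this is a user-facing request.
// (CiviCRM's API has a check_permissions option playing the same role; whether
// the functions named in the ticket pass it is not something the ticket states.)
function apiFinancialTypeGet(Role $caller, string $type, bool $checkPermissions): array
{
    if ($checkPermissions && !$caller->has("view contributions of type $type")) {
        throw new RuntimeException("{$caller->name}: no view permission for type $type");
    }
    return ['name' => $type];
}

function fillMissingAmountParams(Role $caller, array $params): array
{
    // Internal call: the ACL belongs at the user-facing boundary, not here.
    apiFinancialTypeGet($caller, $params['financial_type'], checkPermissions: false);
    $params['total_amount'] ??= $params['net_amount'];
    return $params;
}

// User-facing entry points keep their own checks.
function donationPageSubmit(Role $visitor, array $params): array
{
    if (!$visitor->has('make online contributions')) {
        throw new RuntimeException('online contributions not permitted');
    }
    return fillMissingAmountParams($visitor, $params);
}

function backOfficeView(Role $staff, string $type): array
{
    return apiFinancialTypeGet($staff, $type, checkPermissions: true);
}

// The two cases listed in the ticket.
$roles = sampleRoles();
$gift  = ['financial_type' => 'Major Gift', 'net_amount' => 100.0];

try {
    fillMissingAmountParamsNaive($roles['anonymous'], $gift);
} catch (RuntimeException $e) {
    echo "naive: donation page fails for anonymous: {$e->getMessage()}\n";
}

$ok = donationPageSubmit($roles['anonymous'], $gift);
echo "hardened: anonymous contribution recorded, total {$ok['total_amount']}\n";

try {
    backOfficeView($roles['restricted'], 'Major Gift');
} catch (RuntimeException $e) {
    echo "hardened: ACL still enforced in the back office: {$e->getMessage()}\n";
}
```

Run with `php model.php`: the naive path rejects the anonymous donation, while the hardened path records it and still refuses the restricted role a back-office view of the hidden financial type. The design point is that the View ACL should be evaluated where a user is actually viewing data, not inside a helper that every code path, including the public contribution page, goes through.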
Issue Links
- supplements: CRM-19975 Unable to access contribution page if the view financial permission is not granted to the role (Open)